Wy876

**Name of the Vulnerable Software and Affected Versions** JEEWMS version 3.7 **Description** A zip slip vulnerability in the `MigrateForm.java` component of the service migrate module allows attackers to execute arbitrary code via a crafted Zip file. This issue can potentially be exploited to gain unauthorized access and execute malicious code. **Recommendations** For JEEWMS version 3.7, consider restricting access to the `MigrateForm.java` component until a patch is available. As a temporary workaround, avoid using the service migrate module with untrusted Zip files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC6 version V15.03.05.16 **Description** The issue is a buffer overflow vulnerability in the `formexeCommand` function. This vulnerability can be exploited, potentially leading to unauthorized access or control. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Tenda AC6 version V15.03.05.16, as a temporary workaround, consider disabling the `formexeCommand` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SpringBlade version 3.7.1 **Description** An issue in SpringBlade allows attackers to obtain sensitive information via a crafted GET request to the "api/blade-system/tenant" endpoint. The `api/blade-system/tenant` endpoint is vulnerable to this issue. **Recommendations** For SpringBlade version 3.7.1, as a temporary workaround, consider restricting access to the "api/blade-system/tenant" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MRCMS version 3.0 **Description** The issue is a Cross-Site Scripting (XSS) vulnerability. It can be exploited via the `/admin/system/saveinfo.do` API endpoint. **Recommendations** For MRCMS version 3.0, consider restricting access to the `/admin/system/saveinfo.do` API endpoint until a patch is available. As a temporary workaround, avoid using this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MRCMS version 3.0 **Description** The issue is related to an Arbitrary File Read vulnerability. It affects the `/admin/file/edit.do` endpoint, where the incoming `path` parameter is not properly filtered. This allows for unauthorized access to files. **Recommendations** For MRCMS version 3.0, as a temporary workaround, consider restricting access to the `/admin/file/edit.do` endpoint until a patch is available. Additionally, avoid using the `path` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.